ODNI Graphic – Recent Cyber Attacks on U.S. Infrastructure Underscore Vulnerability of Critical Systems

Created: Tuesday, July 9, 2024 - 14:44
Categories: Cybersecurity, OT-ICS Security, Federal & State Resources

The Office of the Director of National Intelligence (ODNI) recently published a graphic depicting the vulnerability of U.S. industrial control systems. The graphic includes top recommendations and guidance from CISA, the EPA, FBI, and WaterISAC. The dataset, provided by the Cyber Threat Intelligence Integration Center (CTIIC), captures cyber attacks on industrial systems from November 23, 2023 through April 22, 2024.

The graphic highlights how Iran-affiliated and pro-Russia cyber actors have gained access to, and in some cases manipulated, critical U.S. industrial control systems (ICS) in the food and agriculture, healthcare, and water and wastewater sectors since late 2023. These attacks highlight a potential public safety threat and an avenue for malicious cyber actors to cause physical damage and deny critical services.

Cyber Best Practices for Utilities:

The following guidance is recommended by the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), the FBI, and the Water Information Sharing and Analysis Center (WaterISAC). The top four recommendations will provide a critical reduction in the ICS attack surface.

  • Change Default Passwords Immediately
  • Inventory ICS Assets To Find Vulnerable Devices and Manage Associated Common Vulnerabilities & Exposures (CVEs)
  • Enforce User Access Controls and Multifactor Authentication for Remote Access
  • Conduct a Cybersecurity Risk Assessment Focused on Reducing Exposure to the Public-Facing Internet
  • Install Independent Cyber-Physical Safety Systems
  • Conduct Regular Cybersecurity Assessments and Cybersecurity Awareness Training
  • Develop and Exercise Cybersecurity Incident Response and Recovery Plans
  • Develop and Enforce Cybersecurity Policies and Procedures (Governance)
  • Implement Threat Detection and Monitoring
  • Back Up ICS
  • Integrate Cyber and Physical Incident Response, Mitigation, and Recovery Plans
  • Participate in Information Sharing and Collaboration Communities

To review the full graphic, visit ODNI.